%term

Uncovering the Polyfill.io Supply Chain Attack

Jul 8, 2024 By Snyk In Snyk

In this video, we will be uncovering how a sneaky supply chain attack on the JavaScript Polyfill.io service compromised websites across the globe, including big names like Intuit, Square, the U.S. government and more. Stay tuned to find out how the attack occurred and what you can do to prevent it!

View Video

Snyk

Read more about Uncovering the Polyfill.io Supply Chain Attack

Polyfill.io and Software Supply Chain Security: A Cautionary Tale

Jul 8, 2024 By Ansh Patnaik In CyCognito

Over 100,000 websites using a popular JavaScript service (polyfill.io) are now victims of a web supply chain attack. A web supply chain attack is a cyberattack is a type of software supply chain attack that targets a third-party web software component to gain access to an organization’s systems or data. These attacks can be difficult to prevent because they can be hard to detect, take advantage of trust, and have long-lasting effects.

Read Post

CyCognito

Read more about Polyfill.io and Software Supply Chain Security: A Cautionary Tale

OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable)

Jul 8, 2024 By Harman Singh In Cyphere

Software security is key to the online world’s survival. Collaborative efforts of cybersecurity professionals and volunteers have come together to create the OWASP web security testing guide. Malicious actors constantly threaten web applications, the backbone of many businesses. OWASP penetration testing is crucial for identifying and addressing these security vulnerabilities.

Read Post

Cyphere

Read more about OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable)

CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers - 700,000+ Linux Boxes Potentially at Risk

Jul 6, 2024 By Wallarm In Wallarm

Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a collection of networking tools built on the Secure Shell (SSH) protocol. It is widely utilized to secure remote logins, manage and administer remote servers, and transfer files through SCP and SFTP. Nicknamed as the “RegreSSHion Bug”, Researchers at Qualys initially identified the vulnerability in May 2024.

Read Post

Wallarm

Read more about CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers - 700,000+ Linux Boxes Potentially at Risk

Stored XSS & Insecure File Upload In Cervantes Alpha 0.5

Jul 5, 2024 By Aakanksha Khanna In Astra

Two vulnerabilities—stored XSS and insecure file upload— have been detected in the Alpha 0.5 version of CervantesSec. This article will outline what CervantesSec does, the vulnerabilities found, and its current status.

Read Post

Astra

Read more about Stored XSS & Insecure File Upload In Cervantes Alpha 0.5

CVE-2024-6387 - Shields Up Against RegreSSHion

Jul 4, 2024 By ashish chakrabortty In Sysdig

On July 1st, the Qualys’s security team announced CVE-2024-6387, a remotely exploitable vulnerability in the OpenSSH server. This critical vulnerability is nicknamed “regreSSHion” because the root cause is an accidental removal of code that fixed a much earlier vulnerability CVE-2006-5051 back in 2006. The race condition affects the default configuration of sshd (the daemon program for SSH).

Read Post

Sysdig

Read more about CVE-2024-6387 - Shields Up Against RegreSSHion

Best Practice for Securely Developing with AI - Keep a Human in the Loop

Jul 4, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Best Practice for Securely Developing with AI - Keep a Human in the Loop

Critical OpenSSH Vulnerability 'RegreSSHion' Potentially Exposes Millions of Servers (CVE-2024-6387)

Jul 4, 2024 By Shikhil Sharma In Astra

Recently, Qualys identified a new remote unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems, nicknamed regreSSHion (CVE-2024-6387).

Read Post

Astra

Read more about Critical OpenSSH Vulnerability 'RegreSSHion' Potentially Exposes Millions of Servers (CVE-2024-6387)

CVE-2024-6387 OpenSSH RCE vulnerability ("regreSSHion") - Cato Networks impact and analysis

Jul 4, 2024 By Vadim Freger In Cato Networks

TL; DR – Multiple versions of OpenSSH are vulnerable to remote code execution. There is no working public PoC, and researchers have only been able to exploit the vulnerability under unique lab conditions. Cato Sockets by default do NOT have a publicly exposed SSH interface, it is always recommended to keep Cato Sockets LAN interface exposed only internally and use comprehensive network access controls to manage SSH access.

Read Post